Hi all,
We have few Custom CSV lookups that have been added to ES for Threat Intel. For the existing data, we can lookup the artifacts and confirm that those are present in ES but when adding new data to those lookups and reducing the "interval" option in Threat Intel Management, they still do not get added to ES.
Current setting for the data sources is 43200 seconds (12 hrs) but even after reducing it to few minutes the new entries never make it to ES. In Threat Intel Audit I do see the intel download time change but that doesn't seem to be making any difference.
Is there a way to manually force ES to re-read and add updated entries from the lookup?
Thanks,
~ Abhi
Hi ,
Would you please help me , how to change the time interval in threat Intel Management.